Generating a self-signed certificate for an Application Server
Performing this procedure generates a 2048-bit RSA key and a self-signed certificate for an Application Server. The certificate is valid for three years, and it is stored under the "blade" alias.
To generate a self-signed certificate for an Application Server
From <installDirectory>/bin, enter the following command:
blmkcert CN=<hostname> <jksFileName> <password>
The command shown above has the following parameters:
- <hostname> — Typically set to the host name where you are generating the certificate.
- <jksFileName> — The full path to the keystore file that you are generating. This file should be stored in the /deployments directory for the Application Server that is being updated, such as <installDirectory>/br/deployments.
- <password> — A password used to encrypt the generated keystore file.
For example, if you are generating a self-signed certificate on a Windows server called winappserver1, you might enter a command similar to the following:
blmkcert CN=winappserver1 "C:\Program Files\BMC Software\BladeLogic\NSH\br\deployments\bladelogic.keystore" ********
- If you are replacing an existing certificate, typically after the existing certificate has expired, perform the following additional steps:
- Stop the Application Server.
- Run the following commands if the file name or password is different from the one used when the Application Server was installed:
blasadmin -a set appserver certstore bladelogic.keystore
blasadmin -a set appserver certpasswd <keystorePassword>
- Remove the existing certificate at each of the RCP clients that are associated with the Application Server.
- Start the Application Server.
- The first time that you connect to each of these RCP clients, you are informed that a new certificate has arrived from the Application Server. Accept the new certificate.
- If you are using a multi-Application Server environment, copy the JKS file you generated in step 1 from this Application Server to all cooperating Application Servers. If a new password is needed, update the password for each cooperating Application Server. For information about this process, see Synchronizing keystore files of multiple Application Servers.
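To confirm that a generated keystore matches what this procedure describes (the "blade" alias, a 2048-bit RSA key, a self-signed certificate) and to catch an approaching expiry before clients start rejecting it, the following added example audits the text printed by the JDK command `keytool -list -v -alias blade -keystore <jksFileName>`. It is not part of the product or of the original page; it assumes the keystore is readable by the standard JDK keytool, and the function names and sample output are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample of `keytool -list -v` output; not taken from a real server.
SAMPLE = """\
Alias name: blade
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=winappserver1
Issuer: CN=winappserver1
Valid from: Mon Jan 15 10:00:00 UTC 2024 until: Thu Jan 14 10:00:00 UTC 2027
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
"""

def _field(text, pattern):
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

def _parse_date(s):
    # keytool prints e.g. "Thu Jan 14 10:00:00 UTC 2027"; the zone token is
    # dropped because day-level precision is enough for an expiry warning.
    p = s.split()
    return datetime.strptime(" ".join(p[:4] + p[5:]), "%a %b %d %H:%M:%S %Y")

def audit_keystore_entry(text, now, warn_days=30):
    """Return a list of findings; an empty list means the entry looks as expected."""
    findings = []
    if _field(text, r"^Alias name:\s*(.+)$") != "blade":
        findings.append("alias is not 'blade'")
    owner = _field(text, r"^Owner:\s*(.+)$")
    if owner is None or owner != _field(text, r"^Issuer:\s*(.+)$"):
        findings.append("not self-signed (owner differs from issuer)")
    bits = _field(text, r"^Subject Public Key Algorithm:\s*(\d+)-bit RSA")
    if bits is None or int(bits) < 2048:
        findings.append("key is not RSA with at least 2048 bits")
    m = re.search(r"^Valid from:\s*(.+?)\s+until:\s*(.+)$", text, re.MULTILINE)
    if not m:
        return findings + ["validity period not found"]
    not_after = _parse_date(m.group(2))
    days_left = (not_after - now).days
    if days_left < 0:
        findings.append(f"certificate expired on {not_after:%Y-%m-%d}")
    elif days_left < warn_days:
        findings.append(f"certificate expires in {days_left} days")
    return findings
```

Run the same check against the copy of the keystore on every cooperating Application Server to confirm that they all hold the same, unexpired certificate.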